﻿using KimPhongCRM.Lib;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
using KimPhongCRM.Models;
using System.Web.Routing;

namespace KimPhongCRM.Controllers
{
    public class PermissionFilterAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            string actionName = filterContext.ActionDescriptor.ActionName;
            KimPhongCRM.Models.Entities db = new Entities();
            Guid? userId = SessionData.GetSessionObject("sdUserId") as Guid?;
            if (userId != null)
            {
                if (filterContext.IsChildAction)
                {
                    //db.tblPermissions.Where(o => o.controller == controllerName
                    //        && o.action == actionName).Single().isChildAction=true;
                    //db.SaveChanges();
                    return;
                }
                    
                if (db.tblPermissions.Any(o => o.controller == controllerName
                    && o.action == actionName))
                {
                    Guid roleId = db.Users.Where(u => u.UserId == userId).Single().Roles.Single().RoleId;
                    if (roleId != null && roleId != new Guid())
                    {
                        Guid permId = db.tblPermissions.Where(o => o.controller == controllerName
                            && o.action == actionName).Single().permId;
                        if (db.tblRolePermissions.Any(o => o.permId == permId && o.RoleId == roleId))
                        {
                            if (!db.tblRolePermissions.Where(o => o.permId == permId && o.RoleId == roleId).Single().isActive.Value)
                            {
                                //filterContext.Result = new RedirectResult((filterContext.Controller as Controller).Url.Action("AccessDenie", "Home"));
                                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
                                        { "Controller", "Home" },
                                        { "Action", "AccessDenied" }
                                });
                            }
                        }
                        else {
                            tblRolePermission rolePerm = new tblRolePermission();
                            rolePerm.permId = permId;
                            rolePerm.RoleId = roleId;
                            rolePerm.isActive = false;
                            db.tblRolePermissions.Add(rolePerm);
                            db.SaveChanges();
                            //filterContext.Result = new RedirectResult((filterContext.Controller as Controller).Url.Action("AccessDenie", "Home"));
                            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
                                        { "Controller", "Home" },
                                        { "Action", "AccessDenied" }
                                });
                        }
                    }
                }
                else {
                    tblPermission perm = new tblPermission();
                    perm.permId = Guid.NewGuid();
                    perm.permName = "/" + controllerName + "/" + actionName;
                    perm.controller = controllerName;
                    perm.action = actionName;
                    perm.isActive = true;
                    perm.isChildAction = filterContext.IsChildAction;
                    db.tblPermissions.Add(perm);
                    db.SaveChanges();
                }
            }
            else
            {
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
                                        { "Controller", "Account" },
                                        { "Action", "Login" }
                                });
                //filterContext.Result = new RedirectResult((filterContext.Controller as Controller).Url.Action("Login","Account"));
            }
        }
    }
}
